Lunar Linux Hardened

From Lunar Linux
Revision as of 23:05, 9 March 2007 by Wdp (Talk | contribs)
Jump to: navigation, search

Contents

Hardened Lunar Linux

The maingoal of this project might be to have a Lunar Linux with security enhancements. The most modules will be patched with patches we've written or others written. Others could be Linux-from-Scratch users or other Distributions. As long as we keep credits - This should be okay.

Language

The mainproblem is my language - so if you read things you don't understand please ask me - My english isn't as good as yours so probably i would be happy for corrections ;-)

Warning

This project is in an experimental state - So use it only if you want to play with it or if you want help developing it. It's not for production use right now.

The Patches

Last Update of this list: 09th March 07'

gcc 4.1.2

posix-1.patch - Makes GCC Posix Compliant

binutils 2.17

branch_update-1.patch - This is the binutils-2_17-branch (bug fix branch) update, compared from binutils-2.17-release and binutils-2_17-branch with all the fluff removed (CVS entries, maintainer files, etc). This patch should be updated periodically.
hardened_tmp-3.patch - This patch uses mkstemp(3) and mkdtemp(3) for temporary file creation, if they are available, rather than the default mktemp(3). This is safer and removes some compiler warnings.
lazy-1.patch - This adds -z lazy option, inverse of -z now.
pt_pax-1.patch - This adds PT_PAX_FLAGS to Binutils. See: http://pax.grsecurity.net/
posix-1.patch - Makes binutils Posix Compliant

coreutils 6.7

i18n-1.patch - This patch fixes various problems with multibyte character support.
uname-1.patch - Fix the output of uname once and for all.

glibc 2.5

blowfish.patch - This patch adds blowfish crypto to libcrypt.
branch_update-2.patch - This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details.
dl_execstack_PaX-1.patch - This is needed for Pax. http://pax.grsecurity.net/
hardened_tmp-1.patch - This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts.
iconv_unnest-1.patch - Move nested function to a static one so we avoid generating a trampoline.
localedef_segfault-1.patch - Fixes Segfault when using localdef. This problem is only noticed when using PaX and some architectures besides x86. See debian bug # 231438
pt_pax-1.patch - This is needed for Pax. http://pax.grsecurity.net/
strlcpy_strlcat-1.patch - http://www.courtesan.com/todd/papers/strlcpy.html
Personal tools
Namespaces
Variants
Actions
Wiki Navigation
Project Sites
Toolbox